Exam MS-100 topic 3 question 34 discussion

The Group writeback feature does not handle security groups or distribution groups.

This question conflicts with a previous one a page or two back where the correct answer indicated that an AzureAD security group would get written back to local AD as a security group if the group writeback feature was enabled. In the discussion for that question, several people mentioned that only Office 365 groups get written back which seems to be the case here.

correct 'There are two versions of group writeback. The original version is in general availability and is limited to writing back Microsoft 365 groups to your on-premises Active Directory instance as distribution groups. The new, expanded version of group writeback is in public preview and enables the following capabilities: You can write back Microsoft 365 groups as distribution groups, security groups, or mail-enabled security groups. You can write back Azure AD security groups as security groups. All groups are written back with a group scope of Universal. You can write back groups that have assigned and dynamic memberships.'

Well, at the time of the writing of this question the answer was A & C, now it is A,B,C,D and E. Since we can only choose 2, have to answer the question in a more legacy context, thus A and C.

ABCDE In AD Connect V2 all are supported. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback-v2

Azure AD Connect group writeback Article 07/15/2022 7 minutes to read 2 contributors Group Writeback is the feature that allows you to write cloud groups back to your on-premises Active Directory using the Azure AD Connect Sync client. This feature enables you to manage groups in the cloud, while controlling access to on-premises applications and resources. Group Writeback provides the following capabilities: Microsoft 365 groups can be written as Distribution groups, Security groups, or Mail-Enabled Security groups. Azure AD Security groups will be written back as Security groups. All groups are written back to AD as scope universal. Allows you to configure group writeback settings for all M365 groups within a tenant. Nested cloud groups and devices, (if device writeback is also enabled) that are members of groups, enabled for writeback, will be written back with scope universal. Now, you can change the common name in an Active Directory group’s distinguished name when configuring group writeback in Azure AD Connect. You can now configure Azure AD groups to writeback using the Azure AD Admin portal, Graph Explorer, and PowerShell.

Groups writeback enables customers to leverage cloud groups for their hybrid needs. If you use the Microsoft 365 Groups feature, then you can have these groups represented in your on-premises Active Directory. This option is only available if you have Exchange present in your on-premises Active Directory.

Only 365 groups are written back if an exchange server is present in the on-premise environment: https://docs.microsoft.com/bs-latn-ba/azure/active-directory/hybrid/how-to-connect-group-writeback

There is an exchange server present. Groups writeback enables customers to leverage cloud groups for their hybrid needs. If you use the Microsoft 365 Groups feature, then you can have these groups represented in your on-premises Active Directory. This option is only available if you have Exchange present in your on-premises Active Directory.

Q 23 ,topic 3. https://www.examtopics.com/discussions/microsoft/view/48807-exam-ms-100-topic-3-question-23-discussion/

IF the group writeback is enabled in the Azure AD Connect configuration so groups created in Azure Active Directory will be synchronized to the on-premise Active Directory. A security group created in Azure Active Directory will be synchronized to the on-premise Active Directory as a security group. in another Q in exam topic.

In exam today

Tested, and One A & C are correct, Security or Dist groups wont be written back.

Agree - A & C. Exam topic #2, Q22 Group write back has specific requirements before only M365 groups can sync back...including Exchange Hybrid. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback#pre-requisites

Here are some references: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-group-writeback https://docs.microsoft.com/en-us/exchange/hybrid-deployment/set-up-microsoft-365-groups#enable-group-writeback-in-azure-ad-connect

A & C for sure!

The question is really asking which of these groups could you use (I read it as "which two groups must be used together" but only one is required). Writeback only works with Office 365 groups.